Wednesday, August 17, 2011

Popular Password Bug

Do you want to annoy your website users yet another way, in addition to thousands of others?

Follow these steps:

1) Set up a website with authorization.
2) Set the length limit for user passwords.
3) When a user signs in, automatically cut the over-limit password tail, without notifying the user.

Done! The next time a user with a long password tries to login, his password is incorrect. The only way out for users is password recovery.

I've stumbled into this stuff a couple of times. Now it has been reminded by the T-Mobile website.

No comments:

Post a Comment